Security News > 2021 > August > Microsoft: Evasive Office 365 phishing campaign active since July 2020

Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020.
The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.
"In the case of this phishing campaign, these attempts include using multilayer obfuscation and encryption mechanisms for known existing file types, such as JavaScript. Multilayer obfuscation in HTML can likewise evade browser security solutions," Microsoft added.
Com; if the logo is not available, this segment loads the Microsoft Office 365 logo instead. Segment 3 - A script that loads an image of a blurred document, indicating that sign-in has supposedly timed out.
"During our year-long investigation of [this] targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running," Microsoft added.
Microsoft alo warned in March of phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December 2020 and expanded to abuse new legitimate services to bypass secure email gateways.
News URL
Related news
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)